TumbleBit: An Untrusted Tumbler for Bitcoin-Compatible Anonymous Payments

This paper presents TumbleBit, a new anonymous payments scheme that is fully compatible with today’s Bitcoin protocol. TumbleBit allows parties to make payments through an untrusted Tumbler. No one, not even the Tumbler, can tell which payer paid which payee during a TumbleBit epoch. TumbleBit consists of two interleaved fair-exchange protocols that prevent theft of bitcoins by cheating users or a malicious Tumbler. Our protocol combines fast cryptographic computations (performed off the blockchain) with standard Bitcoin scripting functionality (on the blockchain). We prove the security of TumbleBit using the ideal/real-world paradigm in the random oracle model; security follows from the standard RSA assumption. We have implemented our protocol and used it to mix payments from several participants on the blockchain. Because our off-blockchain computations run in less than a second, TumbleBit’s performance is limited only by the time it takes to confirm three blocks on the blockchain.
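The unlinkability claim above (not even the Tumbler can tell which payer paid which payee) rests on RSA puzzles: in the full TumbleBit paper the Tumbler holds an RSA key, the puzzle a payee receives is an RSA encryption of a secret under that key, and the payer blinds the puzzle before paying the Tumbler to solve it. The Python below is an added illustration of that blinding step, not code from the paper or its implementation. It uses textbook RSA over a hypothetical toy 512-bit modulus, and the key size, role assignments and all names (`tumbler_keygen`, `blind`, `solve`, `consistent_blinders`, and so on) are this example's own choices. The fair-exchange and Bitcoin-script parts of the protocol (hash preimages, timelocks, the three confirmed blocks) are not modelled.

```python
"""RSA-puzzle blinding: how a TumbleBit-style Tumbler solves a payer's puzzle
without learning which payee it belongs to. Added illustration, not code from
the TumbleBit paper or its implementation; textbook RSA over a hypothetical toy
512-bit modulus (not a deployable size). All names are this example's own."""
import random
import secrets
from math import gcd

def is_probable_prime(n, rounds=20):
    """Miller-Rabin with random bases (helper for toy key generation only)."""
    if n < 4:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits):
    """Random odd prime of exactly `bits` bits."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def tumbler_keygen(bits=512, e=65537):
    """Tumbler's long-lived RSA key: public (N, e), private exponent d."""
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so e | phi is the only bad case
            return (p * q, e), pow(e, -1, phi)

def rand_unit(N):
    """Uniform element of Z_N^* (coprime to N) for secrets and blinders."""
    while True:
        x = secrets.randbelow(N - 2) + 2
        if gcd(x, N) == 1:
            return x

def make_puzzle(pk):
    """Tumbler, puzzle-promise step: fresh secret epsilon and its puzzle
    z = epsilon^e mod N, handed to a payee who forwards z to the payer."""
    N, e = pk
    eps = rand_unit(N)
    return eps, pow(eps, e, N)

def blind(pk, z):
    """Payer, puzzle-solver step: re-randomise z as z' = r^e * z mod N so the
    Tumbler cannot match z' against the puzzles it issued."""
    N, e = pk
    r = rand_unit(N)
    return r, (pow(r, e, N) * z) % N

def solve(pk, d, z_blind):
    """Tumbler: RSA-decrypt z'; the result is r * epsilon mod N."""
    return pow(z_blind, d, pk[0])

def unblind(pk, r, sol_blind):
    """Payer: strip r to recover epsilon, then pass it on to the payee."""
    return (sol_blind * pow(r, -1, pk[0])) % pk[0]

def is_solution(pk, z, eps):
    """Anyone checks a claimed solution with one modular exponentiation."""
    N, e = pk
    return pow(eps, e, N) == z

def consistent_blinders(pk, d, z_blind, issued_puzzles):
    """Tumbler's view: for every puzzle z_j it issued there is an r_j with
    r_j^e * z_j == z_blind, so z_blind fits every payee equally well. The
    private key lets it compute each r_j, not tell which one was used."""
    N, e = pk
    rs = [pow((z_blind * pow(z_j, -1, N)) % N, d, N) for z_j in issued_puzzles]
    assert all((pow(r, e, N) * z_j) % N == z_blind for r, z_j in zip(rs, issued_puzzles))
    return rs

def run_exchange(n_payees=3, paid_index=1):
    """One blinded solve among n_payees issued puzzles; returns the checks."""
    pk, d = tumbler_keygen()
    puzzles = [make_puzzle(pk) for _ in range(n_payees)]   # (epsilon_j, z_j)
    target_eps, target_z = puzzles[paid_index]
    r, z_blind = blind(pk, target_z)
    eps = unblind(pk, r, solve(pk, d, z_blind))
    rs = consistent_blinders(pk, d, z_blind, [z for _, z in puzzles])
    return {
        "recovered": eps == target_eps,
        "verifies": is_solution(pk, target_z, eps),
        "other_puzzle_rejected": not is_solution(pk, puzzles[0][1], eps),
        "all_candidates_consistent": len(rs) == n_payees,
    }
```

Calling `run_exchange()` shows the three properties the abstract relies on: the payer recovers epsilon after unblinding, `is_solution` accepts it for the paid puzzle and rejects it for another payee's puzzle (this one-exponentiation check is the kind of fast off-blockchain computation the abstract refers to), and `consistent_blinders` shows why the Tumbler learns nothing, since every puzzle it ever issued has some blinding factor mapping it to the blinded puzzle it solved. Blinding gives unlinkability only; stopping the Tumbler from taking payment without revealing the solution is the job of the fair-exchange protocols and the on-chain scripts, which this example leaves out.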